Vulnerability Details CVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.5%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
Products affected by CVE-2017-18348
-
cpe:2.3:a:splunk:splunk:6.6.0
-
cpe:2.3:a:splunk:splunk:6.6.1
-
cpe:2.3:a:splunk:splunk:6.6.10
-
cpe:2.3:a:splunk:splunk:6.6.11
-
cpe:2.3:a:splunk:splunk:6.6.2
-
cpe:2.3:a:splunk:splunk:6.6.3
-
cpe:2.3:a:splunk:splunk:6.6.4
-
cpe:2.3:a:splunk:splunk:6.6.5
-
cpe:2.3:a:splunk:splunk:6.6.6
-
cpe:2.3:a:splunk:splunk:6.6.7
-
cpe:2.3:a:splunk:splunk:6.6.8
-
cpe:2.3:a:splunk:splunk:6.6.9